Skip to content

Commit 8e4c32f

Browse files
committed
PDFBOX-6180: improve directory boundary check, as suggested by Kaixuan Li; closes #427
git-svn-id: https://svn.apache.org/repos/asf/pdfbox/trunk@1932444 13f79535-47bb-0310-9956-ffa450edef68
1 parent b463371 commit 8e4c32f

1 file changed

Lines changed: 3 additions & 1 deletion

File tree

examples/src/main/java/org/apache/pdfbox/examples/pdmodel/ExtractEmbeddedFiles.java

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -141,7 +141,9 @@ private static void extractFile(String filename, PDEmbeddedFile embeddedFile, St
141141
{
142142
File file = new File(directoryPath, filename);
143143
File parentDir = file.getParentFile();
144-
if (!parentDir.getCanonicalPath().startsWith(directoryPath))
144+
String parentCanonical = parentDir.getCanonicalPath();
145+
if (!parentCanonical.equals(directoryPath) &&
146+
!parentCanonical.startsWith(directoryPath + File.separator))
145147
{
146148
System.err.println("Ignoring " + filename + " (different directory)");
147149
return;

0 commit comments

Comments
 (0)